What is GDPR?

GDPR stands for General Data Protection Regulation. GDPR is the core of Europe’s digital privacy legislation, which became law in the European Union on May 25, 2018.

GDPR introduced new obligations to data controllers (who own the customer relationship) and data processors (who handle data on the controller’s behalf), including those which are based outside the EU. GDPR is designed to:

Harmonize data privacy laws across Europe
Protect and empower all EU citizens data privacy
Reshape the way organizations across the region approach and handle data privacy.

For further information about GDPR, please visit the following official GDPR Link.

xMatters GDPR strategy

xMatters SaaS is fully compliant to GDPR requirements and it holds a Letter of Attestation issued by an independent third party audit.

xMatters has crafted a strategy for aligning with the European Union (EU) General Data Protection Regulation (GDPR) requirements, including but not limited to confirming Data Privacy Officer assignment, conducting annual revision to its DPIA (Data Privacy Impact Assessment), administrative controls for rights management, Breach reporting, DPA (Data Processing Agreement), etc. and technical controls for Data Protection in transit and at rest.

1. Lawfulness, Fairness and Transparency
Expand child menu
- Lawfulness: All information is collected and processed lawfully based on contractual requirements.
  
  Fairness: xMatters only process data according to the documented policies and procedures. There is no undocumented collection, use or disclosure of client data that.
  
  Transparency: We keep trust portal as a means to be transparent with our clients in terms of how our data practices are being carried. xMatters only access client data and client instances when they have been explicitly permitted to do so by the client in order to address client requests (e.g. problem ticket) and for support purposes, there is no casual data access.
2. Purpose Limitations
Expand child menu
- Client data collected by xMatters is for specified, explicit and legitimate purposes, which depends on client’s Business and Use case. All client provided data is used for service delivery as per contracted terms and agreements to facilitate emergency communications.
3. Data Minimization
Expand child menu
- xMatters has minimum data requirements that is a constituent receiving emergency communications: First Name, Last Name, and Email Address. Any further information provided by clients are up to the complete discretion of the client and to support their Business Case and Use Case toward the use of xMatters.
4. Accuracy
Expand child menu
- xMatters provides all clients with complete control over their own data. All clients have a Web Based User Interface (WebUI) access to xMatters SaaS for control and data entry, deletion and modification. xMatters has no control over the accuracy of client data inputted into the system.
5. Storage Limitations
Expand child menu
- xMatters data retention period is governed by the contractual agreement with the client.
6. Integrity and Confidentiality
Expand child menu
- xMatters makes sure that client personal data is processed in a manner that ensures industry-standard security of personal data. xMatters stores and processes all client data in Google Cloud Platform (GCP) datacenters and utilizes GCP’s industry leading security services. xMatters protects client data against unauthorized or unlawful processing and against accidental loss, destruction or damage.
  
  xMatters does not ‘share’ or ‘sell’ any data. All client provided data is used for service delivery as per contracted terms and agreements. Any data transferred to suppliers is done so as a part of xMatters service delivery. Suppliers are bound by contractual agreements to process data for xMatters only for xMatters business needs.
7. Accountability
Expand child menu
- xMatters is responsible for Personal Information under its control and has a designated Data Protection Officer (DPO) who is accountable for xMatters compliance with this Privacy Code of Conduct. xMatters keeps a data map and uses an Access Control Process overlaid with Role Based Access Control (RBAC) for separation of duties and segregation of roles. xMatters provides specific and understandable information about our policies and practices HERE. Clients can also contact xMatters by clicking HERE.

xMatters service reliability platform

Automate workflows, ensure applications are always working, and rapidly deliver products at scale.

Platform Overview

Everbridge Digital Operations Platform

Keep your services running

xMatters unites teams to identify and resolve issues quickly. See how we can help yours.

Solutions Overview

xMatters YouTube

Catch our latest webinars, customer stories, and support videos on the xMatters YouTube channel!

Watch YouTube

What is GDPR?

GDPR stands for General Data Protection Regulation. GDPR is the core of Europe’s digital privacy legislation, which became law in the European Union on May 25, 2018.

xMatters GDPR strategy

xMatters SaaS is fully compliant to GDPR requirements and it holds a Letter of Attestation issued by an independent third party audit.

1. Lawfulness, Fairness and Transparency

2. Purpose Limitations

3. Data Minimization

4. Accuracy

5. Storage Limitations

6. Integrity and Confidentiality

7. Accountability